Hawxy
diff --git a/‎.eslintrc.json‎
Lines changed: 4 additions & 3 deletions b/‎.eslintrc.json‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎.github/FUNDING.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/FUNDING.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/pull-request-lint.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/pull-request-lint.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.mergify.yml‎
Lines changed: 5 additions & 5 deletions b/‎.mergify.yml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎.projen/deps.json‎
Lines changed: 11 additions & 6 deletions b/‎.projen/deps.json‎
Lines changed: 11 additions & 6 deletions
diff --git a/‎.projen/tasks.json‎
Lines changed: 5 additions & 2 deletions b/‎.projen/tasks.json‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎.projenrc.ts‎
Lines changed: 1 addition & 1 deletion b/‎.projenrc.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎API.md‎
Lines changed: 16 additions & 0 deletions b/‎API.md‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎package.json‎
Lines changed: 14 additions & 13 deletions b/‎package.json‎
Lines changed: 14 additions & 13 deletions
diff --git a/‎src/index.ts‎
Lines changed: 12 additions & 1 deletion b/‎src/index.ts‎
Lines changed: 12 additions & 1 deletion
@@ -0,0 +1 @@
+github: Hawxy
@@ -5,7 +5,7 @@ const project = new awscdk.AwsCdkConstructLibrary({
   authorAddress: 'Hawxy@users.noreply.github.com',
   cdkVersion: '2.80.0',
   constructsVersion: '10.1.0',
-  jsiiVersion: '~5.5.0',
+  jsiiVersion: '~5.7.0',
   majorVersion: 2,
   defaultReleaseBranch: 'main',
   name: 'cdk-tailscale-bastion',
 
@@ -38,6 +38,8 @@ export interface TailscaleCredentials {
    * Provides an auth key as a plaintext string.
    * This option will expose the auth key in your CDK template and should only be used with non-reusable keys.
    * Potentially useful for DevOps runbooks and temporary instances.
+   *
+   * The `cachedInContext` configuration option might be relevant to you if you use this parameter.
    */
   readonly unsafeString?: string;
 }
@@ -103,6 +105,14 @@ export interface TailscaleBastionProps {
    * Advertise a custom route instead of using the VPC CIDR, used for Tailscale 4via6 support.
    */
   readonly advertiseRoute?: string;
+  /**
+   * Setting this to true will result in the Amazon Linux AMI being cached in `cdk.context.json` and prevent the instance being replaced when the image is updated.
+   * Enable this if you'd like to use non-reusable Tailscale keys, or you'd prefer the instance to remain stable.
+   * Keep in mind that the AMI will grow old over time and is it your responsibility to evict it from the context.
+   *
+   * @default false
+   */
+  readonly cachedInContext?: boolean;
 }
 
 export class TailscaleBastion extends Construct {
@@ -122,6 +132,7 @@ export class TailscaleBastion extends Construct {
       incomingRoutes,
       advertiseRoute,
       cpuType,
+      cachedInContext,
     } = props;
 
     const authKeyCommand = this.computeTsKeyCli(tailscaleCredentials);
@@ -132,7 +143,7 @@ export class TailscaleBastion extends Construct {
       instanceName: instanceName ?? 'BastionHostTailscale',
       securityGroup,
       instanceType,
-      machineImage: MachineImage.latestAmazonLinux2023({ cpuType: cpuType ?? AmazonLinuxCpuType.X86_64 }),
+      machineImage: MachineImage.latestAmazonLinux2023({ cpuType: cpuType ?? AmazonLinuxCpuType.X86_64, cachedInContext: cachedInContext ?? false }),
       subnetSelection: subnetSelection ?? { subnetType: SubnetType.PUBLIC },
       init: CloudFormationInit.fromElements(
         // Configure IP forwarding